Over the years, WordPress secret keys have added to WordPress security. Update your WordPress secure keys and log out all users to enhance your WordPress security.

WordPress Security Keys

I had an opportunity to check some old WordPress blogs and they had outdated incomplete WordPress secret keys. WordPress Secret Keys was a WordPress security feature introduced 3 years back in WordPress 2.5 for better cookie security.

While earlier the WordPress secret key was one line of extra long random code, over the years it is now 8 lines of complex random code. This is what it looks like in current wp-config.php files.

The 8 security keys are AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY; with corresponding salts: AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, and NONCE_SALT will ensure your site is harder to hack and crack by WordPress hackers.

WordPress Secret Key Generator

So how do you create that kind of random code? The old secret key generator created only 4 lines of code, but the new secret code generator will create 8 lines of code for you to cut and paste into your WordPress wp-config.php file.

Remember to use a simple text editor (I use Notepad++) else you might mess up your most important wp-config.php file. Remember changing these values will invalidate all existing cookies and logout all WordPress users on your site.

Check your WordPress wp-config.php in your WordPress installation directory now and confirm if 8 lines of secret keys exist. Anyway it is a good idea to change it sometimes and logout all users, just incase some hacker is secretly logged in. Good luck.

NB – Edit wp-config.php only if you know what you are doing, else your site could go offline easily. Try at your own risk or seek professional WordPress help.